Baltimore city officials failed to update their Microsoft operating systems, which may have made its network vulnerable to the May 7 ransomware attack that has left officials unable to access emails, health alerts and other systems, according to an opinion piece in The Wall Street Journal by Dave Weinstein, former chief technology officer of New Jersey.
Earlier this week, officials found that a key component of Baltimore's ransomware attack was an NSA-leaked cyberweapon. The NSA found a flaw in Microsoft's software and wrote a code to target the vulnerability. However, the malware was leaked by a group of hackers.
Microsoft has released a patch for the vulnerability. But still two years since the malware was leaked, Baltimore has yet to update its systems. This may be due to the costs and human capital requirements of updating and repairing old computer servers, Mr. Weinstein said.
Baltimore files are still encrypted, with the hackers demanding $100,000 in bitcoin. City officials are now asking the federal government for reparations in the form of emergency funds to cover the nearly $18.2 million in damages the cyberattack has caused, Mr. Weinstein said.
While it may be easy to blame Baltimore officials for the cyberattack, it is not that simple, according to Mr. Weinstein. Instead, software and hardware manufacturers must be held accountable when building products. Additionally, the federal government needs to bring the hackers to justice.